IETF Logo Mail Archive

Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

<home_pw@msn.com> Sun, 28 January 2007 04:51 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HB20T-0006gI-0o; Sat, 27 Jan 2007 23:51:09 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HB20S-0006cJ-5I for tls@ietf.org; Sat, 27 Jan 2007 23:51:08 -0500
Received: from bay0-omc1-s1.bay0.hotmail.com ([65.54.246.73]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HB20Q-0004ak-Ku for tls@ietf.org; Sat, 27 Jan 2007 23:51:08 -0500
Received: from hotmail.com ([65.55.131.19]) by bay0-omc1-s1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 27 Jan 2007 20:51:06 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 27 Jan 2007 20:51:05 -0800
Message-ID: <BAY126-DAV9321B955D7C0BA1A0CFF092A00@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV9.phx.gbl with DAV; Sun, 28 Jan 2007 04:51:00 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: pgut001@cs.auckland.ac.nz
References: <E1HAdBx-0004G2-00@medusa01.cs.auckland.ac.nz>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Date: Sat, 27 Jan 2007 20:51:00 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 28 Jan 2007 04:51:05.0509 (UTC) FILETIME=[EB186D50:01C74297]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 34d35111647d654d033d58d318c0d21a
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

There has been a fair amount of support for experimental, 
when I look back over the thread. Assuming the authors could 
live with this, we could proceed, despite some clear and 
absolute "never-never-never votes". TLS WG could then lead 
the next generation of the privacy debate - moving privacy 
beyond black/white strong pairwise encryption claim into 
being a protocol for asserting "agreed limits for privacy 
expectations". This would enable SSL to get on with higher 
value transactions, and move beyond "SSL is great for $1000 
e-commerce - that is assured by visa cards anyways". I know 
in my industry this _is_ being called for, where the 
transactions are generally 500,000USD or more, and involve a 
whole slew of regulated activities and licensed parties who 
required higher assurance from https RECORDS than we have 
addressed to date.

I do think we would have to go back to basics tho. if the 
work item is accepted - starting with a requirement analysis 
and call for (competing) protocol designs - designs that can 
take into account wider understanding of various 
privacy/data-protection/data-retention regulatory regimes 
that must be taken into account.

And, we must distinguish between TLS Evidence and TLS 
Authorization. The spec as-is currently is a design that 
says to me: "create an infrastructure that enforces 
mandatory data retention in the US, controlling 
communication capabilities at the router based on testing 
for "voluntary" optin to that policy regime. If the 
challenged party rejects the policy optin, deny 
communications - to show the evidence retention subpoena is 
being complied with". This apparent ultimate focus of the 
current concept (TLS Authorization) needs to be separated 
out of the TLS Evidence. A separate work item should be 
sought, to justify a place for working on TLS 
Authorization - a control plane protocol that clearly 
distinguishes itself from TLS Evidence (a data plane 
service).

By starting with requirements, we would get back to 
(technical) evidence and its relationship to an enhanced 
privacy service, addressing such as the role of sessionid 
cache data retention, the new ticket data retention (and the 
role of MS key wrapping) and - similarly - 
ciphertext/cleartext data retention. Several other topics 
would probably need to get included.

If the work item is accepted, this could be some of the 
underlying work that a section of the working group would 
need to address and reduce to issue/requirement form., Then, 
folks can worry about which protocol elements shall 
represent/control/enforce/store information, at which layer: 
https-v2/higgins, or TLS1.x.


----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: <batyr@sympatico.ca>; <home_pw@msn.com>; 
<nelson@bolyard.com>; <pgut001@cs.auckland.ac.nz>
Cc: <tls@ietf.org>
Sent: Friday, January 26, 2007 6:21 PM
Subject: Re: [TLS] Please discuss: 
draft-housley-evidence-extns-00<

> "Omirjan Batyrbaev" <batyr@sympatico.ca> writes:
>
>>And what it takes to be Experimental RFC?
>
> See http://www.ietf.org/u/ietfchair/info-exp.html, in 
> particular the
> Guidelines section which explain the Rules section:
>
> # If the IETF may publish something based on this on the 
> standards track once
>  we know how well this one works, it's Experimental. This 
> is the typical case
>  of not being able to decide which protocol is "better" 
> before we have
>  experience of dealing with them from a stable 
> specification. Case in point:
>  "PGM Reliable Transport Protocol Specification" (RFC 
> 3208)
>
> # If the document contains implicit or explicit 
> success/failure criteria, and
>  it's clear that the outcome can be used as the basis for 
> a recommendation to
>  the IETF community, it's Experimental. Case in point: RFC 
> 1797 "Class A
>  Subnet Experiment" which led to RFC 1879 "Class A Subnet 
> Experiment Results
>  and Recommendations"
>
> Peter.
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email